mirror of
https://git.busybox.net/busybox.git
synced 2024-11-27 15:43:26 +08:00
wget: make openssl/ssl_helper choice configurable
I got sick of not being able to wget a https file... Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
parent
3b650c1e7b
commit
1c6c670ed4
@ -382,7 +382,6 @@ IF_VOLNAME(APPLET(volname, BB_DIR_USR_BIN, BB_SUID_DROP))
|
||||
IF_WATCH(APPLET(watch, BB_DIR_BIN, BB_SUID_DROP))
|
||||
IF_WATCHDOG(APPLET(watchdog, BB_DIR_SBIN, BB_SUID_DROP))
|
||||
IF_WC(APPLET(wc, BB_DIR_USR_BIN, BB_SUID_DROP))
|
||||
IF_WGET(APPLET(wget, BB_DIR_USR_BIN, BB_SUID_DROP))
|
||||
IF_WHICH(APPLET(which, BB_DIR_USR_BIN, BB_SUID_DROP))
|
||||
IF_WHOAMI(APPLET_NOFORK(whoami, whoami, BB_DIR_USR_BIN, BB_SUID_DROP, whoami))
|
||||
IF_YES(APPLET_NOFORK(yes, yes, BB_DIR_USR_BIN, BB_SUID_DROP, yes))
|
||||
|
@ -947,48 +947,6 @@ config VCONFIG
|
||||
help
|
||||
Creates, removes, and configures VLAN interfaces
|
||||
|
||||
config WGET
|
||||
bool "wget"
|
||||
default y
|
||||
help
|
||||
wget is a utility for non-interactive download of files from HTTP
|
||||
and FTP servers.
|
||||
|
||||
config FEATURE_WGET_STATUSBAR
|
||||
bool "Enable a nifty process meter (+2k)"
|
||||
default y
|
||||
depends on WGET
|
||||
help
|
||||
Enable the transfer progress bar for wget transfers.
|
||||
|
||||
config FEATURE_WGET_AUTHENTICATION
|
||||
bool "Enable HTTP authentication"
|
||||
default y
|
||||
depends on WGET
|
||||
help
|
||||
Support authenticated HTTP transfers.
|
||||
|
||||
config FEATURE_WGET_LONG_OPTIONS
|
||||
bool "Enable long options"
|
||||
default y
|
||||
depends on WGET && LONG_OPTS
|
||||
help
|
||||
Support long options for the wget applet.
|
||||
|
||||
config FEATURE_WGET_TIMEOUT
|
||||
bool "Enable timeout option -T SEC"
|
||||
default y
|
||||
depends on WGET
|
||||
help
|
||||
Supports network read and connect timeouts for wget,
|
||||
so that wget will give up and timeout, through the -T
|
||||
command line option.
|
||||
|
||||
Currently only connect and network data read timeout are
|
||||
supported (i.e., timeout is not applied to the DNS query). When
|
||||
FEATURE_WGET_LONG_OPTIONS is also enabled, the --timeout option
|
||||
will work in addition to -T.
|
||||
|
||||
config ZCIP
|
||||
bool "zcip"
|
||||
default y
|
||||
|
@ -41,7 +41,6 @@ lib-$(CONFIG_TFTPD) += tftp.o
|
||||
lib-$(CONFIG_TRACEROUTE) += traceroute.o
|
||||
lib-$(CONFIG_TUNCTL) += tunctl.o
|
||||
lib-$(CONFIG_VCONFIG) += vconfig.o
|
||||
lib-$(CONFIG_WGET) += wget.o
|
||||
lib-$(CONFIG_ZCIP) += zcip.o
|
||||
|
||||
lib-$(CONFIG_TCPSVD) += tcpudp.o tcpudp_perhost.o
|
||||
|
22
networking/ssl_helper-wolfssl/00cfg-wolfssl-3.6.8
Executable file
22
networking/ssl_helper-wolfssl/00cfg-wolfssl-3.6.8
Executable file
@ -0,0 +1,22 @@
|
||||
#!/bin/sh
|
||||
|
||||
# How to configure & build a static wolfssl-3.6.8 library
|
||||
# suitable for static build of ssl_helper.
|
||||
|
||||
export CC="x86_64-gcc"
|
||||
export CFLAGS="\
|
||||
-Os \
|
||||
-static \
|
||||
-fomit-frame-pointer \
|
||||
-falign-functions=1 -falign-labels=1 -falign-loops=1 -falign-jumps=1 \
|
||||
-ffunction-sections -fdata-sections \
|
||||
"
|
||||
|
||||
./configure \
|
||||
--enable-static \
|
||||
--enable-singlethreaded \
|
||||
--disable-shared \
|
||||
|| exit $?
|
||||
|
||||
make
|
||||
exit $?
|
15
networking/ssl_helper-wolfssl/README
Normal file
15
networking/ssl_helper-wolfssl/README
Normal file
@ -0,0 +1,15 @@
|
||||
Build instructions:
|
||||
|
||||
* Unpack wolfssl-3.6.8.zip
|
||||
* Build it:
|
||||
./configure --enable-static --disable-shared && make
|
||||
* Drop this directory into wolfssl-3.6.8/ssl_helper
|
||||
* Run ssl_helper.sh to compile and link the helper
|
||||
|
||||
Usage: "ssl_helper -d FILE_DESCRIPTOR" where FILE_DESCRIPTOR is open to the peer.
|
||||
|
||||
In bash, you can do it this way:
|
||||
$ ssl_helper -d3 3<>/dev/tcp/HOST/PORT
|
||||
|
||||
Stdin will be SSL-encrypted and sent to FILE_DESCRIPTOR.
|
||||
Data from FILE_DESCRIPTOR will be decrypted and sent to stdout.
|
480
networking/ssl_helper-wolfssl/ssl_helper.c
Normal file
480
networking/ssl_helper-wolfssl/ssl_helper.c
Normal file
@ -0,0 +1,480 @@
|
||||
/*
|
||||
* Adapted from:
|
||||
*
|
||||
* client.c
|
||||
*
|
||||
* Copyright (C) 2006-2015 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL. (formerly known as CyaSSL)
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
*/
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <stdio.h>
|
||||
#include <time.h>
|
||||
#include <poll.h>
|
||||
#include <sys/socket.h>
|
||||
|
||||
#include <wolfssl/wolfcrypt/types.h>
|
||||
#include <wolfssl/ssl.h>
|
||||
|
||||
#if 0
|
||||
# define dbg(...) say(__VA_ARGS__)
|
||||
#else
|
||||
# define dbg(...) ((void)0)
|
||||
#endif
|
||||
|
||||
static ssize_t safe_write(int fd, const void *buf, size_t count)
|
||||
{
|
||||
ssize_t n;
|
||||
|
||||
do {
|
||||
n = write(fd, buf, count);
|
||||
} while (n < 0 && errno == EINTR);
|
||||
|
||||
return n;
|
||||
}
|
||||
|
||||
static ssize_t full_write(int fd, const void *buf, size_t len)
|
||||
{
|
||||
ssize_t cc;
|
||||
ssize_t total;
|
||||
|
||||
total = 0;
|
||||
|
||||
while (len) {
|
||||
cc = safe_write(fd, buf, len);
|
||||
|
||||
if (cc < 0) {
|
||||
if (total) {
|
||||
/* we already wrote some! */
|
||||
/* user can do another write to know the error code */
|
||||
return total;
|
||||
}
|
||||
return cc; /* write() returns -1 on failure. */
|
||||
}
|
||||
|
||||
total += cc;
|
||||
buf = ((const char *)buf) + cc;
|
||||
len -= cc;
|
||||
}
|
||||
|
||||
return total;
|
||||
}
|
||||
|
||||
static void say(const char *s, ...)
|
||||
{
|
||||
char buf[256];
|
||||
va_list p;
|
||||
int sz;
|
||||
|
||||
va_start(p, s);
|
||||
sz = vsnprintf(buf, sizeof(buf), s, p);
|
||||
full_write(STDERR_FILENO, buf, sz >= 0 && sz < sizeof(buf) ? sz : strlen(buf));
|
||||
va_end(p);
|
||||
}
|
||||
|
||||
static void die(const char *s, ...)
|
||||
{
|
||||
char buf[256];
|
||||
va_list p;
|
||||
int sz;
|
||||
|
||||
va_start(p, s);
|
||||
sz = vsnprintf(buf, sizeof(buf), s, p);
|
||||
full_write(STDERR_FILENO, buf, sz >= 0 && sz < sizeof(buf) ? sz : strlen(buf));
|
||||
exit(1);
|
||||
va_end(p);
|
||||
}
|
||||
|
||||
static void err_sys(const char *msg)
|
||||
{
|
||||
die("%s\n", msg);
|
||||
}
|
||||
|
||||
/* ==== */
|
||||
|
||||
#if 0
|
||||
static void showPeer(WOLFSSL* ssl)
|
||||
{
|
||||
WOLFSSL_CIPHER* cipher;
|
||||
WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl);
|
||||
if (peer)
|
||||
ShowX509(peer, "peer's cert info:");
|
||||
else
|
||||
say("peer has no cert!\n");
|
||||
say("SSL version is %s\n", wolfSSL_get_version(ssl));
|
||||
|
||||
cipher = wolfSSL_get_current_cipher(ssl);
|
||||
say("SSL cipher suite is %s\n", wolfSSL_CIPHER_get_name(cipher));
|
||||
|
||||
{
|
||||
WOLFSSL_X509_CHAIN* chain = wolfSSL_get_peer_chain(ssl);
|
||||
int count = wolfSSL_get_chain_count(chain);
|
||||
int i;
|
||||
|
||||
for (i = 0; i < count; i++) {
|
||||
int length;
|
||||
unsigned char buffer[3072];
|
||||
WOLFSSL_X509* chainX509;
|
||||
|
||||
wolfSSL_get_chain_cert_pem(chain, i, buffer, sizeof(buffer), &length);
|
||||
buffer[length] = 0;
|
||||
say("cert %d has length %d data = \n%s\n", i, length, buffer);
|
||||
|
||||
chainX509 = wolfSSL_get_chain_X509(chain, i);
|
||||
if (chainX509)
|
||||
ShowX509(chainX509, "session cert info:");
|
||||
else
|
||||
say("get_chain_X509 failed\n");
|
||||
wolfSSL_FreeX509(chainX509);
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
WOLFSSL *prepare(int sockfd)
|
||||
{
|
||||
WOLFSSL_METHOD* method;
|
||||
WOLFSSL_CTX* ctx;
|
||||
WOLFSSL* ssl;
|
||||
|
||||
wolfSSL_Init();
|
||||
|
||||
method = wolfTLSv1_1_client_method();
|
||||
if (method == NULL)
|
||||
err_sys("out of memory");
|
||||
ctx = wolfSSL_CTX_new(method);
|
||||
if (ctx == NULL)
|
||||
err_sys("out of memory");
|
||||
// if (cipherList)
|
||||
// if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
|
||||
// err_sys("client can't set cipher list 1");
|
||||
|
||||
// if (fewerPackets)
|
||||
// wolfSSL_CTX_set_group_messages(ctx);
|
||||
|
||||
//#ifndef NO_DH
|
||||
// wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits);
|
||||
//#endif
|
||||
|
||||
// if (usePsk) {
|
||||
// wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb);
|
||||
// if (cipherList == NULL) {
|
||||
// const char *defaultCipherList;
|
||||
//#if defined(HAVE_AESGCM) && !defined(NO_DH)
|
||||
// defaultCipherList = "DHE-PSK-AES128-GCM-SHA256";
|
||||
//#elif defined(HAVE_NULL_CIPHER)
|
||||
// defaultCipherList = "PSK-NULL-SHA256";
|
||||
//#else
|
||||
// defaultCipherList = "PSK-AES128-CBC-SHA256";
|
||||
//#endif
|
||||
// if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList) != SSL_SUCCESS)
|
||||
// err_sys("client can't set cipher list 2");
|
||||
// }
|
||||
// useClientCert = 0;
|
||||
// }
|
||||
|
||||
// if (useAnon) {
|
||||
// if (cipherList == NULL) {
|
||||
// wolfSSL_CTX_allow_anon_cipher(ctx);
|
||||
// if (wolfSSL_CTX_set_cipher_list(ctx,"ADH-AES128-SHA") != SSL_SUCCESS)
|
||||
// err_sys("client can't set cipher list 4");
|
||||
// }
|
||||
// useClientCert = 0;
|
||||
// }
|
||||
|
||||
//#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
||||
// wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
|
||||
//#endif
|
||||
|
||||
// if (useOcsp) {
|
||||
// if (ocspUrl != NULL) {
|
||||
// wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl);
|
||||
// wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE
|
||||
// | WOLFSSL_OCSP_URL_OVERRIDE);
|
||||
// }
|
||||
// else
|
||||
// wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE);
|
||||
// }
|
||||
//
|
||||
//#ifdef USER_CA_CB
|
||||
// wolfSSL_CTX_SetCACb(ctx, CaCb);
|
||||
//#endif
|
||||
//
|
||||
//#ifdef VERIFY_CALLBACK
|
||||
// wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify);
|
||||
//#endif
|
||||
//#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
|
||||
// if (useClientCert) {
|
||||
// if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert) != SSL_SUCCESS)
|
||||
// err_sys("can't load client cert file, check file and run from"
|
||||
// " wolfSSL home dir");
|
||||
// if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, SSL_FILETYPE_PEM) != SSL_SUCCESS)
|
||||
// err_sys("can't load client private key file, check file and run "
|
||||
// "from wolfSSL home dir");
|
||||
// }
|
||||
//
|
||||
// if (!usePsk && !useAnon) {
|
||||
// if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert,0) != SSL_SUCCESS)
|
||||
// err_sys("can't load ca file, Please run from wolfSSL home dir");
|
||||
//#ifdef HAVE_ECC
|
||||
// /* load ecc verify too, echoserver uses it by default w/ ecc */
|
||||
// if (wolfSSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS)
|
||||
// err_sys("can't load ecc ca file, Please run from wolfSSL home dir");
|
||||
//#endif
|
||||
// }
|
||||
//#endif /* !NO_FILESYSTEM && !NO_CERTS */
|
||||
|
||||
//#if !defined(NO_CERTS)
|
||||
// if (!usePsk && !useAnon && doPeerCheck == 0)
|
||||
// wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
|
||||
// if (!usePsk && !useAnon && overrideDateErrors == 1)
|
||||
// wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myDateCb);
|
||||
//#endif
|
||||
|
||||
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
|
||||
|
||||
//#ifdef HAVE_SNI
|
||||
// if (sniHostName)
|
||||
// if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName, XSTRLEN(sniHostName)) != SSL_SUCCESS)
|
||||
// err_sys("UseSNI failed");
|
||||
//#endif
|
||||
|
||||
//#ifdef HAVE_MAX_FRAGMENT
|
||||
// if (maxFragment)
|
||||
// if (wolfSSL_CTX_UseMaxFragment(ctx, maxFragment) != SSL_SUCCESS)
|
||||
// err_sys("UseMaxFragment failed");
|
||||
//#endif
|
||||
//#ifdef HAVE_TRUNCATED_HMAC
|
||||
// if (truncatedHMAC)
|
||||
// if (wolfSSL_CTX_UseTruncatedHMAC(ctx) != SSL_SUCCESS)
|
||||
// err_sys("UseTruncatedHMAC failed");
|
||||
//#endif
|
||||
//#ifdef HAVE_SESSION_TICKET
|
||||
// if (wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS)
|
||||
// err_sys("UseSessionTicket failed");
|
||||
//#endif
|
||||
|
||||
//#if defined(WOLFSSL_MDK_ARM)
|
||||
// wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
|
||||
//#endif
|
||||
|
||||
ssl = wolfSSL_new(ctx);
|
||||
if (ssl == NULL)
|
||||
err_sys("out of memory");
|
||||
|
||||
//#ifdef HAVE_SESSION_TICKET
|
||||
// wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session");
|
||||
//#endif
|
||||
|
||||
// if (doDTLS) {
|
||||
// SOCKADDR_IN_T addr;
|
||||
// build_addr(&addr, host, port, 1);
|
||||
// wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr));
|
||||
// tcp_socket(&sockfd, 1);
|
||||
// } wlse {
|
||||
// tcp_connect(&sockfd, host, port, 0);
|
||||
// }
|
||||
|
||||
//#ifdef HAVE_POLY1305
|
||||
// /* use old poly to connect with google server */
|
||||
// if (!XSTRNCMP(domain, "www.google.com", 14)) {
|
||||
// if (wolfSSL_use_old_poly(ssl, 1) != 0)
|
||||
// err_sys("unable to set to old poly");
|
||||
// }
|
||||
//#endif
|
||||
|
||||
wolfSSL_set_fd(ssl, sockfd);
|
||||
|
||||
//#ifdef HAVE_CRL
|
||||
// if (disableCRL == 0) {
|
||||
// if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS)
|
||||
// err_sys("can't enable crl check");
|
||||
// if (wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS)
|
||||
// err_sys("can't load crl, check crlfile and date validity");
|
||||
// if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != SSL_SUCCESS)
|
||||
// err_sys("can't set crl callback");
|
||||
// }
|
||||
//#endif
|
||||
//#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
// if (scr) {
|
||||
// if (wolfSSL_UseSecureRenegotiation(ssl) != SSL_SUCCESS)
|
||||
// err_sys("can't enable secure renegotiation");
|
||||
// }
|
||||
//#endif
|
||||
//#ifdef ATOMIC_USER
|
||||
// if (atomicUser)
|
||||
// SetupAtomicUser(ctx, ssl);
|
||||
//#endif
|
||||
//#ifdef HAVE_PK_CALLBACKS
|
||||
// if (pkCallbacks)
|
||||
// SetupPkCallbacks(ctx, ssl);
|
||||
//#endif
|
||||
// if (matchName && doPeerCheck)
|
||||
// wolfSSL_check_domain_name(ssl, domain);
|
||||
|
||||
if (wolfSSL_connect(ssl) != SSL_SUCCESS) {
|
||||
// /* see note at top of README */
|
||||
// int err = wolfSSL_get_error(ssl, 0);
|
||||
// char buffer[WOLFSSL_MAX_ERROR_SZ];
|
||||
// say("err = %d, %s\n", err,
|
||||
// wolfSSL_ERR_error_string(err, buffer));
|
||||
err_sys("SSL_connect failed");
|
||||
}
|
||||
// showPeer(ssl);
|
||||
|
||||
//#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
// if (scr && forceScr) {
|
||||
// if (wolfSSL_Rehandshake(ssl) != SSL_SUCCESS) {
|
||||
// int err = wolfSSL_get_error(ssl, 0);
|
||||
// char buffer[WOLFSSL_MAX_ERROR_SZ];
|
||||
// say("err = %d, %s\n", err,
|
||||
// wolfSSL_ERR_error_string(err, buffer));
|
||||
// err_sys("wolfSSL_Rehandshake failed");
|
||||
// }
|
||||
// }
|
||||
//#endif
|
||||
|
||||
return ssl;
|
||||
}
|
||||
|
||||
static struct pollfd pfd[2] = {
|
||||
{ -1, POLLIN|POLLERR|POLLHUP, 0 },
|
||||
{ -1, POLLIN|POLLERR|POLLHUP, 0 },
|
||||
};
|
||||
#define STDIN pfd[0]
|
||||
#define NETWORK pfd[1]
|
||||
#define STDIN_READY() (pfd[0].revents & (POLLIN|POLLERR|POLLHUP))
|
||||
#define NETWORK_READY() (pfd[1].revents & (POLLIN|POLLERR|POLLHUP))
|
||||
|
||||
static void wait_for_input(void)
|
||||
{
|
||||
if (STDIN.fd == NETWORK.fd) /* means both are -1 */
|
||||
exit(0);
|
||||
dbg("polling\n");
|
||||
STDIN.revents = NETWORK.revents = 0;
|
||||
while (poll(pfd, 2, -1) < 0 && errno == EINTR)
|
||||
continue;
|
||||
}
|
||||
|
||||
static void do_io_until_eof_and_exit(WOLFSSL *ssl, int fd)
|
||||
{
|
||||
int len;
|
||||
char ibuf[4 * 1024];
|
||||
|
||||
NETWORK.fd = fd;
|
||||
STDIN.fd = 0;
|
||||
|
||||
len = 0; /* only to suppress compiler warning */
|
||||
for (;;) {
|
||||
wait_for_input();
|
||||
|
||||
if (STDIN_READY()) {
|
||||
dbg("reading stdin\n");
|
||||
len = read(STDIN_FILENO, ibuf, sizeof(ibuf));
|
||||
if (len < 0)
|
||||
die("read error on stdin\n");
|
||||
if (len == 0) {
|
||||
dbg("read len = 0, stdin not polled anymore\n");
|
||||
STDIN.fd = -1;
|
||||
} else {
|
||||
int n = wolfSSL_write(ssl, ibuf, len);
|
||||
if (n != len)
|
||||
die("SSL_write(%d) failed (returned %d)\n", len, n);
|
||||
}
|
||||
}
|
||||
|
||||
if (NETWORK_READY()) {
|
||||
dbg("%s%s%s\n",
|
||||
(pfd[1].revents & POLLIN) ? "POLLIN" : "",
|
||||
(pfd[1].revents & POLLERR) ? "|POLLERR" : "",
|
||||
(pfd[1].revents & POLLHUP) ? "|POLLHUP" : ""
|
||||
);
|
||||
/* We are using blocking socket here.
|
||||
* (Nonblocking socket would complicate writing to it).
|
||||
* Therefore, SSL_read _can block_ here.
|
||||
* This is not what wget expects (it wants to see short reads).
|
||||
* Therefore, we use smallish buffer here, to approximate that.
|
||||
*/
|
||||
len = wolfSSL_read(ssl, ibuf,
|
||||
sizeof(ibuf) < 1024 ? sizeof(ibuf) : 1024
|
||||
);
|
||||
if (len < 0)
|
||||
die("SSL_read error on network (%d)\n", len);
|
||||
if (len > 0) {
|
||||
int n;
|
||||
n = full_write(STDOUT_FILENO, ibuf, len);
|
||||
if (n != len)
|
||||
die("write(%d) to stdout returned %d\n", len, n);
|
||||
continue;
|
||||
}
|
||||
/* Blocking reads are easier wtr EOF detection (no EAGAIN error to check for) */
|
||||
dbg("read len = 0, network not polled anymore\n");
|
||||
NETWORK.fd = -1;
|
||||
/* saw EOF on network, and we processed
|
||||
* and wrote out all ssl data. Signal it:
|
||||
*/
|
||||
close(STDOUT_FILENO);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
WOLFSSL *ssl;
|
||||
int fd;
|
||||
char *fd_str;
|
||||
|
||||
if (!argv[1])
|
||||
die("Syntax error\n");
|
||||
if (argv[1][0] != '-')
|
||||
die("Syntax error\n");
|
||||
if (argv[1][1] != 'd')
|
||||
die("Syntax error\n");
|
||||
fd_str = argv[1] + 2;
|
||||
if (!fd_str[0])
|
||||
fd_str = argv[2];
|
||||
if (!fd_str || fd_str[0] < '0' || fd_str[0] > '9')
|
||||
die("Syntax error\n");
|
||||
|
||||
fd = atoi(fd_str);
|
||||
if (fd < 3)
|
||||
die("Syntax error\n");
|
||||
|
||||
ssl = prepare(fd);
|
||||
do_io_until_eof_and_exit(ssl, fd);
|
||||
/* does not return */
|
||||
|
||||
// if (doDTLS == 0) { /* don't send alert after "break" command */
|
||||
// ret = wolfSSL_shutdown(ssl);
|
||||
// if (wc_shutdown && ret == SSL_SHUTDOWN_NOT_DONE)
|
||||
// wolfSSL_shutdown(ssl); /* bidirectional shutdown */
|
||||
// }
|
||||
//#ifdef ATOMIC_USER
|
||||
// if (atomicUser)
|
||||
// FreeAtomicUser(ssl);
|
||||
//#endif
|
||||
// wolfSSL_free(ssl);
|
||||
// CloseSocket(sockfd);
|
||||
// wolfSSL_CTX_free(ctx);
|
||||
|
||||
return 0;
|
||||
}
|
11
networking/ssl_helper-wolfssl/ssl_helper.sh
Executable file
11
networking/ssl_helper-wolfssl/ssl_helper.sh
Executable file
@ -0,0 +1,11 @@
|
||||
#!/bin/sh
|
||||
|
||||
# I use this to build static uclibc based binary using Aboriginal Linux toolchain:
|
||||
PREFIX=x86_64-
|
||||
STATIC=-static
|
||||
# Standard build:
|
||||
#PREFIX=""
|
||||
#STATIC=""
|
||||
|
||||
${PREFIX}gcc -Os -Wall -I.. -c ssl_helper.c -o ssl_helper.o
|
||||
${PREFIX}gcc $STATIC --start-group ssl_helper.o -lm ../src/.libs/libwolfssl.a --end-group -o ssl_helper
|
@ -9,6 +9,89 @@
|
||||
* Kuhn's copyrights are licensed GPLv2-or-later. File as a whole remains GPLv2.
|
||||
*/
|
||||
|
||||
//config:config WGET
|
||||
//config: bool "wget"
|
||||
//config: default y
|
||||
//config: help
|
||||
//config: wget is a utility for non-interactive download of files from HTTP
|
||||
//config: and FTP servers.
|
||||
//config:
|
||||
//config:config FEATURE_WGET_STATUSBAR
|
||||
//config: bool "Enable a nifty process meter (+2k)"
|
||||
//config: default y
|
||||
//config: depends on WGET
|
||||
//config: help
|
||||
//config: Enable the transfer progress bar for wget transfers.
|
||||
//config:
|
||||
//config:config FEATURE_WGET_AUTHENTICATION
|
||||
//config: bool "Enable HTTP authentication"
|
||||
//config: default y
|
||||
//config: depends on WGET
|
||||
//config: help
|
||||
//config: Support authenticated HTTP transfers.
|
||||
//config:
|
||||
//config:config FEATURE_WGET_LONG_OPTIONS
|
||||
//config: bool "Enable long options"
|
||||
//config: default y
|
||||
//config: depends on WGET && LONG_OPTS
|
||||
//config: help
|
||||
//config: Support long options for the wget applet.
|
||||
//config:
|
||||
//config:config FEATURE_WGET_TIMEOUT
|
||||
//config: bool "Enable timeout option -T SEC"
|
||||
//config: default y
|
||||
//config: depends on WGET
|
||||
//config: help
|
||||
//config: Supports network read and connect timeouts for wget,
|
||||
//config: so that wget will give up and timeout, through the -T
|
||||
//config: command line option.
|
||||
//config:
|
||||
//config: Currently only connect and network data read timeout are
|
||||
//config: supported (i.e., timeout is not applied to the DNS query). When
|
||||
//config: FEATURE_WGET_LONG_OPTIONS is also enabled, the --timeout option
|
||||
//config: will work in addition to -T.
|
||||
//config:
|
||||
//config:choice
|
||||
//config: prompt "Choose how to handle https:// URLs"
|
||||
//config: depends on WGET
|
||||
//config: default FEATURE_WGET_OPENSSL
|
||||
//config: help
|
||||
//config: Choose how wget establishes SSL connection for https:// URLs.
|
||||
//config:
|
||||
//config: Busybox itself contains no SSL code. wget will spawn
|
||||
//config: a helper program to talk over HTTPS.
|
||||
//config:
|
||||
//config: OpenSSL has a simple SSL client for debug purposes.
|
||||
//config: If you select "openssl" helper, wget will effectively call
|
||||
//config: "openssl s_client -quiet -connect IP:443 2>/dev/null"
|
||||
//config: and pipe its data through it.
|
||||
//config: Note inconvenient API: host resolution is done twice,
|
||||
//config: and there is no guarantee openssl's idea of IPv6 address
|
||||
//config: format is the same as ours.
|
||||
//config: Another problem is that s_client prints debug information
|
||||
//config: to stderr, and it needs to be suppressed. This means
|
||||
//config: all error messages get suppressed too.
|
||||
//config: openssl is also a big binary, often dynamically linked
|
||||
//config: against ~15 libraries.
|
||||
//config:
|
||||
//config: ssl_helper is a tool which can be built statically
|
||||
//config: from busybox sources against a small embedded SSL library.
|
||||
//config: Please see networking/ssl_helper/README.
|
||||
//config: It does not require double host resolution and emits
|
||||
//config: error messages to stderr.
|
||||
//config:
|
||||
//config:config FEATURE_WGET_OPENSSL
|
||||
//config: bool "openssl"
|
||||
//config:
|
||||
//config:config FEATURE_WGET_SSL_HELPER
|
||||
//config: bool "ssl_helper"
|
||||
//config:
|
||||
//config:endchoice
|
||||
|
||||
//applet:IF_WGET(APPLET(wget, BB_DIR_USR_BIN, BB_SUID_DROP))
|
||||
|
||||
//kbuild:lib-$(CONFIG_WGET) += wget.o
|
||||
|
||||
//usage:#define wget_trivial_usage
|
||||
//usage: IF_FEATURE_WGET_LONG_OPTIONS(
|
||||
//usage: "[-c|--continue] [-s|--spider] [-q|--quiet] [-O|--output-document FILE]\n"
|
||||
@ -520,6 +603,7 @@ static FILE* prepare_ftp_session(FILE **dfpp, struct host_info *target, len_and_
|
||||
return sfp;
|
||||
}
|
||||
|
||||
#if ENABLE_FEATURE_WGET_OPENSSL
|
||||
static int spawn_https_helper(const char *host, unsigned port)
|
||||
{
|
||||
char *allocated = NULL;
|
||||
@ -569,12 +653,11 @@ static int spawn_https_helper(const char *host, unsigned port)
|
||||
close(sp[1]);
|
||||
return sp[0];
|
||||
}
|
||||
#endif
|
||||
|
||||
/* See networking/ssl_helper/README */
|
||||
#define SSL_HELPER 0
|
||||
|
||||
#if SSL_HELPER
|
||||
static void spawn_https_helper1(int network_fd)
|
||||
/* See networking/ssl_helper/README how to build one */
|
||||
#if ENABLE_FEATURE_WGET_SSL_HELPER
|
||||
static void spawn_https_helper(int network_fd)
|
||||
{
|
||||
int sp[2];
|
||||
int pid;
|
||||
@ -851,19 +934,21 @@ static void download_one_url(const char *url)
|
||||
int status;
|
||||
|
||||
/* Open socket to http(s) server */
|
||||
#if ENABLE_FEATURE_WGET_OPENSSL
|
||||
if (target.protocol == P_HTTPS) {
|
||||
/* openssl-based helper
|
||||
* Inconvenient API since we can't give it an open fd
|
||||
*/
|
||||
/* openssl-based helper
|
||||
* Inconvenient API since we can't give it an open fd
|
||||
*/
|
||||
int fd = spawn_https_helper(server.host, server.port);
|
||||
sfp = fdopen(fd, "r+");
|
||||
if (!sfp)
|
||||
bb_perror_msg_and_die(bb_msg_memory_exhausted);
|
||||
} else
|
||||
#endif
|
||||
sfp = open_socket(lsa);
|
||||
#if SSL_HELPER
|
||||
#if ENABLE_FEATURE_WGET_SSL_HELPER
|
||||
if (target.protocol == P_HTTPS)
|
||||
spawn_https_helper1(fileno(sfp));
|
||||
spawn_https_helper(fileno(sfp));
|
||||
#endif
|
||||
/* Send HTTP request */
|
||||
if (use_proxy) {
|
||||
|
Loading…
Reference in New Issue
Block a user